Webroot Totally Revamps Product Line

The 2012 antivirus and security suite solutions from Webroot have been rewritten from the ground up. For malware protection they rely totally on the unique technology Webroot obtained with its acquisition of Prevx last year.

When the 2012 editions of Webroot's antivirus and security suite come out, they'll be a near-total departure from earlier Webroot products. The company has completely replaced its existing anti-malware code with technology obtained through its acquisition of Prevx last November. An all-star Webroot / Prevx team briefed me on what to expect.

Webroot has a long-standing habit of making large and small changes to their product names, changes beyond just adding the latest year. Webroot SecureAnywhere and Webroot SecureAnywhere Antivirus are brand-new products with brand-new names, replacing Webroot Internet Security Complete 2011 and Webroot AntiVirus with Spy Sweeper 2011. Those are the two I'll review; there's also an in-between product called Webroot SecureAnywhere Essentials.

Tiny Local App
Jaroch explained that all the SecureAnywhere products are exactly the same file, with different features turned on based on which license key you use. Where most security suite installers weigh in anywhere from 60MB to well over 200MB, SecureAnywhere would fit on a floppy disk, so there's no reason to create separate versions.

Jaroch's team totally built the product from the ground up using raw C code. There are no embedded bitmaps, no visual tool libraries, no buttons. Every element of the user interface is rendered as needed.

"If you snap a screenshot of our product and save it as a bitmap, the screenshot will be bigger than the product itself," Jaroch said. Morris added that this minuscule local client leaves little "surface area" exposed to attack by malware.

Immense Cloud Database
One reason the local application can be so tiny is that it doesn't include any malware signatures, Morris explained. The Prevx technology relies entirely on an immense database of applications and behaviors in the cloud. This database collects and correlates an almost-unimaginable amount of information about every process ever run on any system with SecureAnywhere (or Prevx) installed. Along with the expected notes about process behavior, it correlates things like the geographic location, browser version, and other elements of the sample's "habitat."

According to Morris, this database, code-named ENZO, can include as many as two million database rows for a single process.

"Cybersecurity is all about information," said Morris. "We store and correlate all the factors about the process's behavior in all the places it was seen. We aim to have more information than anyone, so we can offer better protection than anyone."

A Researcher Inside Your PC
In most antivirus research labs, technicians dismantle malware samples, run them under controlled circumstances, and analyze what they do.

"Some threats may not do anything bad if they've been coded to lie low when running at, for example, a Symantec IP address," Morris said. He went on to explain, "I asked the researchers exactly what tools do you need, and what information do you expect to get? Then we put those tools into the product."

"Every user's PC becomes a malware researcher," Jaroch added. "We see the new behaviors immediately and get better information than if we ran the samples in our lab."

The meeting finished with a detailed demo of the new product line, but that information is under embargo until the release of the final code. I must say, this extremely different approach has me really looking forward to getting my hands on the SecureAnywhere products for testing.

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips...